From 391659780d815db6be9c450f9e87508613a1d0b5 Mon Sep 17 00:00:00 2001
From: Fijxu
Date: Mon, 30 Dec 2024 18:41:22 -0300
Subject: [PATCH] companion: move invidious-companion url CSP
---
 src/invidious/routes/before_all.cr | 4 ++--
 src/invidious/routes/embed.cr | 7 -------
 src/invidious/routes/watch.cr | 7 -------
 3 files changed, 2 insertions(+), 16 deletions(-)
diff --git a/src/invidious/routes/before_all.cr b/src/invidious/routes/before_all.cr
index f6a9bb00..0296651e 100644
--- a/src/invidious/routes/before_all.cr
+++ b/src/invidious/routes/before_all.cr
@@ -43,9 +43,9 @@ module Invidious::Routes::BeforeAll
 "style-src 'self' 'unsafe-inline'",
 "img-src 'self' data:",
 "font-src 'self' data:",
- "connect-src 'self'" + EXT_VIDEOP_LIST,
+ "connect-src 'self'" + CONFIG.invidious_companion.sample.public_url + EXT_VIDEOP_LIST,
 "manifest-src 'self'",
- "media-src 'self' blob:" + extra_media_csp + EXT_VIDEOP_LIST,
+ "media-src 'self' blob:" + extra_media_csp + CONFIG.invidious_companion.sample.public_url + EXT_VIDEOP_LIST,
 "child-src 'self' blob:",
 "frame-src 'self'",
 "frame-ancestors " + frame_ancestors,
diff --git a/src/invidious/routes/embed.cr b/src/invidious/routes/embed.cr
index 49aeade5..00f24159 100644
--- a/src/invidious/routes/embed.cr
+++ b/src/invidious/routes/embed.cr
@@ -203,13 +203,6 @@ module Invidious::Routes::Embed
 return env.redirect url
 end
- if companion_base_url = video.invidious_companion.try &.["baseUrl"].as_s
- env.response.headers["Content-Security-Policy"] =
- env.response.headers["Content-Security-Policy"]
- .gsub("media-src", "media-src #{companion_base_url}")
- .gsub("connect-src", "connect-src #{companion_base_url}")
- end
-
 rendered "embed"
 end
 end
diff --git a/src/invidious/routes/watch.cr b/src/invidious/routes/watch.cr
index c9bb9f7e..f0b65e7d 100644
--- a/src/invidious/routes/watch.cr
+++ b/src/invidious/routes/watch.cr
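Review bot: In the `before_all.cr` hunk both new directives append the companion URL with no separator (`"connect-src 'self'" + CONFIG.invidious_companion.sample.public_url`), so unless `public_url` renders with a leading space the header gets a fused, invalid source expression and the companion origin is never actually allowed. `.sample` also draws one companion at random per response, and separately for each directive, so the allowed origin need not match the `baseUrl` the video reports (the value the removed per-route code used), and it presumably raises when the list is empty. Listing every configured origin with an explicit space avoids both: `companion_csp = CONFIG.invidious_companion.map { |c| " #{c.public_url}" }.join`, then `"connect-src 'self'" + companion_csp + EXT_VIDEOP_LIST` and the same in `media-src`. The array these lines sit in starts and ends outside the hunk. If this filter runs for every route, as the module name suggests, a one-line comment that the companion origins are now allowed site-wide rather than only on watch and embed would help later CSP reviews.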
@@ -217,13 +217,6 @@ module Invidious::Routes::Watch
 video_url = nil
 end
- if companion_base_url = video.invidious_companion.try &.["baseUrl"].as_s
- env.response.headers["Content-Security-Policy"] =
- env.response.headers["Content-Security-Policy"]
- .gsub("media-src", "media-src #{companion_base_url}")
- .gsub("connect-src", "connect-src #{companion_base_url}")
- end
-
 templated "watch"
 end